From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 38891139085 for ; Sun, 18 Dec 2016 18:15:59 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 60D36E0DED; Sun, 18 Dec 2016 18:15:52 +0000 (UTC) Received: from smtp6.plusvps.com (smtp6.plusvps.com [89.201.164.168]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E8F7BE0DA1 for ; Sun, 18 Dec 2016 18:15:51 +0000 (UTC) Received: from lin16.mojsite.com ([178.218.164.164]) by smtp6.plusvps.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.84) (envelope-from ) id 1cIfzv-000E2T-34 for gentoo-user@lists.gentoo.org; Sun, 18 Dec 2016 19:15:47 +0100 Received: from 78-1-142-241.adsl.net.t-com.hr ([78.1.142.241]:48428 helo=g0n.localdomain) by lin16.mojsite.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.87) (envelope-from ) id 1cIfzt-00074a-Q3 for gentoo-user@lists.gentoo.org; Sun, 18 Dec 2016 19:15:45 +0100 Received: by g0n.localdomain (Postfix, from userid 1000) id 5F8336BC4; Sun, 18 Dec 2016 19:16:16 +0100 (CET) Date: Sun, 18 Dec 2016 19:16:16 +0100 From: Miroslav Rovis To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon, WAS: from Firefox52: NO pure ALSA? Youtube... Audio: No Message-ID: <20161218181616.GA13242@g0n.xdwgrp> References: <20161216165118.GA26704@g0n.xdwgrp> <20161216222708.GA23562@g0n.xdwgrp> <20161217055952.GB13608@waltdnes.org> <20161217224455.GA9477@g0n.xdwgrp> <20161217232554.GB9477@g0n.xdwgrp> <20161218015637.GC18283@waltdnes.org> <20161218055009.GA11155@g0n.xdwgrp> <20161218070441.GA19833@waltdnes.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="fUYQa+Pmc3FrFX/N" Content-Disposition: inline In-Reply-To: <20161218070441.GA19833@waltdnes.org> User-Agent: Mutt/1.7.2 (2016-11-26) X-PlusHosting-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details, Found to be clean X-PlusHosting-MailScanner-SpamCheck: X-Spam-Status: No, No X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - lin16.mojsite.com X-AntiAbuse: Original Domain - lists.gentoo.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - croatiafidelis.hr X-Get-Message-Sender-Via: lin16.mojsite.com: authenticated_id: miro.rovis@croatiafidelis.hr X-Authenticated-Sender: lin16.mojsite.com: miro.rovis@croatiafidelis.hr X-PlusHosting-MailScanner-Information: Please contact the ISP for more information X-PlusHosting-MailScanner-ID: 1cIfzv-000E2T-34 X-PlusHosting-MailScanner-From: miro.rovis@croatiafidelis.hr X-Archives-Salt: 48cf924c-9df9-45fb-8d93-658569605e65 X-Archives-Hash: eb5b8f09d6280e73f5d212932d9cb017 --fUYQa+Pmc3FrFX/N Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 161218-02:04-0500, Walter Dnes wrote: > > How come people are so little interested to read the traffic, to learn > > how sites behave which they visit, and often to discover what sites > > really do to them? > >=20 > > I'll go and inquire at the Pale Moon forum about the issues above, and > > will post there this exact question above, I think. >=20 > This is a very obscure topic. Maybe nobody who knows about it read > that post. I only read 3 sub-forums... >=20 > * Announcements... for new versions, etc > * Pale Moon for Linux... because I run the linux version > * Contributed builds... I do an SSE-only contributed 32-bit build. It > is useful for older Pentium 3 class machines, which will not run the > regular Pale Moon build. >=20 > I couldn't find anything about NSS logging on Google... except your Why the Schmoog engine? duckduckgo.com is some much more privacy acceptable= =2E.. But there are links too in the page that I posted the patch, below... > question. I followed the instructions in your post here, and that's how > I got it to work. I did not know about it until you told me. If Palemoon logs SSL-keys, then it must use some of openssl, libressl, gnutls, or the Mozilla/Google/Oracle (IIRC), but primary Mozilla program Network Security Services, dev-libs/nss-3.27.2 . > > Wait... Did you need to patch the nss library to get the $SSLKEYLOGFILE > > being written to? Like in this bug: > >=20 > > >=3Ddev-libs/nss-3.24 - Add USE flag to enable SSL key logging > > https://bugs.gentoo.org/show_bug.cgi?id=3D587116 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.24_rele= ase_notes#Notable_changes_in_NSS_3.24 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS= _environment_variables (from that Bugzilla page) > >=20 > > Did you? (That's about the only patch there, that I submitted to > > Bugzilla anywhere ;-) btw.) >=20 > No patches required to the source code for that. Probably that means what it meant in some of the Mozilla pages... That's not good. Because it means the SSL-key logging is enabled by default. Was in Firefox too. Not, it need to be at user's decision, compile time only possible in Firefox, in optimize ebuilds, with my (minuscule) patch...= But in binary releases, it is enabled by default in Firefox... > I do my own custom > manual build, to eliminate the dependancy on dbus, plus other tweaks. > That involves setting options in the mozconfig file, but no source code > changes. If you want to do your own build, see my post on December 9th > https://forum.palemoon.org/viewtopic.php?f=3D37&t=3D13898&start=3D20#p100= 625 > Note; this is version 2 of my build environment. You should see an > attached file "pmmain.tgz" on that post. Do not use version 1, with > (utils.tgz) in the first post of that thread. You know why the no-dbus way above may be my only way of doing it? Or for which reason I might have to give up?=20 The only way, because after: $ git clone https://github.com/deuiore/palemoon-overlay I grep'd a log of dbus lines in that repo :-( , so Palemoon has the dbus dependency... Firefox does not. And not only in Gentoo. (And I don't intend to install no poetterware whatsoever --dbus being at least a relative, or maybe better defined as the precursor, which prepared the way for poetterware, IMO.) And that also may prove to be the reason that I might have to give up. Which I will only do if it shows to be too difficult for me. I've only just downloaded: https://forum.palemoon.org/download/file.php?id=3D6761 =66rom: https://forum.palemoon.org/viewtopic.php?f=3D37&t=3D13898&start=3D20#p100625 so I don't yet know... We'll see... > --=20 > Walter Dnes > I don't run "desktop environments"; I run useful applications >=20 Thanks also to Martin Vaeth for his correcting of my assumption. Regards! --=20 Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr --fUYQa+Pmc3FrFX/N Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYVtJwAAoJEOqYhIhPuvCuJjQP/j9Y0yKHph6sNL5PIf7CG9kk gHNEjOJWIE81VdUV1UwaT+ftYHZC1XbRHklGfFbhOTDezt1qM9KcvEJ9IYYwrM9M /POyBZ8y7nml6LILjv3Og68EiwF/ltQAFwR7IWH2Tzpvla4+T4ax9YBhCnuKroa9 wvDD7ZWY1BlVnEuRfUQDf+A2sGFKwu1/LRpCviYSUD7TluGxI7GGvf/4GPoXPsuA tg8q21hom+lv5W+Vj5HPEKinz0nHc8rnERUJISmrO3dRUA9wyeZK3HyzNRfRZp3O ymVhCvEv/rVb4yhBQFboxpIIMrPt8FE5i8eVWR3c9Jg59Hte/vbtK/mwOfATMzUo 784qRJ43IiMIRxBMUXuuyakvSvknURX/AqnHbMumfi+poT2r3SJJAh0SvrVYV1bY 1ajLCjjhjs4khLkRN9tkea210uei55uJXSnZzjR0o2Um7RbuTUQmb+n1sag4zlXZ XQmNsC5I3SUu2OSXCdmtrm1L/mDDJqEJZPgdMdXH6bGUVZNLM7sR+BBlsblfXvVO wXEbUPpLDh3riBI8vfwbTnNLBYE9yYuCjLBir9rp6i4LESSCIrAjai91C2kSenme en3O//PIzSfs2yy/PHbd7znVB4hgTpzDdtf2d15ihusC43k5N8hVF+giOubpOM0f bFmNPgmwjL6VG7yZDjlo =a2rQ -----END PGP SIGNATURE----- --fUYQa+Pmc3FrFX/N--